From ea52474150ec884e46a0df8359fd5dce898c4407 Mon Sep 17 00:00:00 2001
From: Georg Glas
Date: Sun, 2 Jun 2024 17:48:33 +0200
Subject: [PATCH] Matrix Setup mittels Ansible #510 https://github.com/BiP-org/bip-infrastructure/issues/510
---
 .gitignore | 2 ++
 ansible.cfg | 46 +++++++++++++++++++++++++++++++++++++++++++---
 setup.yml | 50 +++++++++++++++++++++++++-------------------------
 3 files changed, 70 insertions(+), 28 deletions(-)
diff --git a/.gitignore b/.gitignore
index 42e31f6505d..0c2a095dcf4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,5 @@
 # ignore roles pulled by ansible-galaxy
 /roles/galaxy/*
 !/roles/galaxy/.gitkeep
+/setup.retry
+/setup.yml~
diff --git a/ansible.cfg b/ansible.cfg
index 360ce153c21..7a3a3c0b64b 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,6 +1,46 @@
 [defaults]
-retry_files_enabled = False
 stdout_callback = yaml
-
-[connection]
+stderr_callback = debug
+#stdout_callback = debug
+display_failed_stderr = no
+display_ok_hosts = yes
+display_skipped_hosts = yes
+show_custom_stats = yes
+display_args_to_stdout = yes
+show_per_host_start = true
+retry_files_enabled = true
+host_key_checking = False
 pipelining = True
+#handler_includes_static = True
+callback_plugins = plugins/callback_plugins
+connection_plugins = plugins/ansible_mitogen/plugins/connection
+#allow_world_readable_tmpfiles = true
+log_path=ansible.log
+cache_plugin=yaml
+fact_caching_prefix = None
+fact_caching_timeout = 86400
+fact_caching_connection = .cache/
+forks = 10
+action_plugins = ~/.ansible/collections:plugins/ansible_mitogen/plugins/action
+strategy_plugins = ~/.ansible/collections:plugins/ansible_mitogen/plugins/strategy
+collections_path = ~/.ansible/collections:/usr/share/ansible/collections:/etc/ansible/collections
+strategy = mitogen_linear
+gather_timeout = 60
+timeout = 90
+connect_timeout= 60
+interpreter_python = /usr/bin/python3
+
+[inventory]
+cache=True
+
+[ssh_connection]
+# use to benchmark ssh ciphers
+## for i in `ssh -Q cipher`; do dd if=/dev/zero bs=1M count=1000 2> /dev/null | ssh -c $i localhost "(time -p cat) > /dev/null" 2>&1 | grep real | awk '{print "'$i': "1000 / $2" MB/s" }'; done
+ssh_args = -o ControlPath=~/.ansible/%h%p%r -o ControlMaster=Auto -o KbdInteractiveAuthentication=no -o TCPKeepAlive=yes -o ForwardAgent=yes -o ControlPersist=300s -c aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com -o PreferredAuthentications=publickey -o PasswordAuthentication=no
+retries=4
+
+[paramiko]
+record_host_keys=False
+
+[galaxy]
+server = https://old-galaxy.ansible.com/
diff --git a/setup.yml b/setup.yml
index d93a71a2e02..db596c9c032 100644
--- a/setup.yml
+++ b/setup.yml
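Review bot: `host_key_checking = False` together with `-o ForwardAgent=yes` in `ssh_args` (and `record_host_keys=False` under `[paramiko]`) means every run connects without verifying the server's host key and then exposes the operator's SSH agent to that host. A machine answering in place of a managed host, or a managed host that is already compromised, can use the forwarded agent for as long as the connection stays open, which `ControlPersist=300s` extends past the end of the play. I would change the line to `host_key_checking = True` with the hosts' keys pre-seeded in `known_hosts`, and drop `-o ForwardAgent=yes` unless a task demonstrably needs it. Separately, `display_args_to_stdout = yes` plus `log_path=ansible.log` writes task arguments to a file in the working tree, and the `.gitignore` change in this patch adds only `/setup.retry` and `/setup.yml~`, so please confirm that `ansible.log` and `.cache/` are ignored elsewhere.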
@@ -5,17 +5,17 @@ roles: # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `just roles` command (see `justfile`). - - role: galaxy/playbook_help + - role: playbook_help tags: - setup-all - install-all - - role: galaxy/systemd_docker_base + - role: systemd_docker_base - role: custom/matrix_playbook_migration - when: matrix_playbook_docker_installation_enabled | bool - role: galaxy/docker + role: docker vars: docker_install_compose: false docker_install_compose_plugin: false @@ -26,7 +26,7 @@ - install-all - when: devture_docker_sdk_for_python_installation_enabled | bool - role: galaxy/docker_sdk_for_python + role: docker_sdk_for_python tags: - setup-docker - setup-all @@ -34,7 +34,7 @@ - install-all - when: devture_timesync_installation_enabled | bool - role: galaxy/timesync + role: timesync tags: - setup-timesync - setup-all @@ -43,12 +43,12 @@ - custom/matrix-base - custom/matrix-dynamic-dns - - galaxy/exim_relay + - exim_relay - - role: galaxy/postgres + - role: postgres - - galaxy/redis - - galaxy/keydb + - redis + - keydb - custom/matrix-corporal - custom/matrix-appservice-draupnir-for-all - custom/matrix-bridge-appservice-discord 
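Review bot: With the `galaxy/` prefix dropped, entries such as `role: docker`, `- redis` and `- role: postgres` are bare names that Ansible resolves through its role search path, and the `ansible.cfg` in this patch sets no `roles_path`. A role of the same name in `~/.ansible/roles` or `/etc/ansible/roles` can therefore be picked up instead of the copy fetched for this playbook, while the context comment at the top of the hunk still says the roles are downloaded by `just roles`. Either keep the `galaxy/` prefix or pin the lookup with a line such as `roles_path = roles/galaxy` in `[defaults]`; where `just roles` installs to is not visible here, so adjust the path accordingly. The same applies to the hunks at `-26,7`, `-34,7`, `-43,12` and `-100,56`. The `roles:` list begins and continues outside these hunks.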
@@ -100,56 +100,56 @@ - custom/matrix-dendrite - custom/matrix-conduit - custom/matrix-synapse-admin - - galaxy/prometheus_node_exporter - - galaxy/prometheus_postgres_exporter + - prometheus_node_exporter + - prometheus_postgres_exporter - custom/matrix-prometheus-nginxlog-exporter - - galaxy/prometheus - - galaxy/grafana + - prometheus + - grafana - custom/matrix-prometheus-services-connect - custom/matrix-registration - custom/matrix-client-element - custom/matrix-client-hydrogen - custom/matrix-client-cinny - custom/matrix-client-schildichat - - galaxy/jitsi + - jitsi - custom/matrix-user-verification-service - custom/matrix-ldap-registration-proxy - custom/matrix-ma1sd - custom/matrix-dimension - - galaxy/etherpad + - etherpad - custom/matrix-sliding-sync - custom/matrix-email2matrix - custom/matrix-sygnal - - galaxy/ntfy + - ntfy - custom/matrix-static-files - custom/matrix-coturn - custom/matrix-media-repo - custom/matrix-pantalaimon - - role: galaxy/postgres_backup + - role: postgres_backup - - role: galaxy/backup_borg + - role: backup_borg - custom/matrix-user-creator - custom/matrix-common-after - - role: galaxy/container_socket_proxy + - role: container_socket_proxy - - role: galaxy/traefik + - role: traefik - - role: galaxy/traefik_certs_dumper + - role: traefik_certs_dumper - - role: galaxy/auxiliary + - role: auxiliary - when: devture_systemd_service_manager_enabled | bool - role: galaxy/systemd_service_manager + role: systemd_service_manager # This is pretty much last, because we want it to better serve as a "last known good configuration". # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601 - when: devture_playbook_state_preserver_enabled | bool - role: galaxy/playbook_state_preserver + role: playbook_state_preserver tags: - setup-all - install-all - - role: galaxy/playbook_runtime_messages + - role: playbook_runtime_messages